About MnemoShare

MnemoShare exists because the file transfer infrastructure that regulated industries depend on was never designed for the threats they face today. We built the platform we needed and couldn't find.

Every architectural decision in MnemoShare traces to a failure mode witnessed firsthand — in breach investigations, compliance audits, and the gap between how security is documented and how it actually works under pressure.

Why MnemoShare Exists

MnemoShare was founded by engineers with over 35 years of combined experience in enterprise security, regulated file transfer, and incident response across healthcare and financial services.

That experience includes building and operating the systems that were supposed to protect sensitive data — SFTP servers, MFT appliances, encryption gateways — and watching them fail. Not because of exotic zero-days, but because of architectural decisions made decades ago that no amount of patching can fix: permanent credentials that outlive the people who created them, monolithic web applications that expose administrative interfaces to the internet, and audit logs that record an IP address when investigators need a verified identity.

When MOVEit Transfer was compromised through a SQL injection vulnerability (CVE-2023-34362), it exposed data from over 2,600 organizations. When GoAnywhere MFT fell to a pre-authentication RCE (CVE-2023-0669), it was through an admin console that should never have been reachable. When Accellion FTA was breached through a chain of four CVEs, the root cause was a 20-year-old codebase that had been patched forward long past its architectural limits.

These weren't failures of individual products. They were failures of an approach — the assumption that file transfer is a solved problem, that wrapping SFTP in a web interface makes it modern, and that compliance checkboxes equal security.

MnemoShare was built to replace that approach entirely.

The Problem is Personal

The managed file transfer industry generates over $1.5 billion annually. The breaches it has enabled have cost organizations an estimated $10 billion or more in the last three years alone — in direct costs, regulatory fines, legal settlements, and reputational damage.

We've been on the receiving end. We've sat in rooms where incident responders explain that they can't determine who accessed a file because the SFTP server only logged a key fingerprint. We've written compliance documentation for systems where we knew the audit trail wouldn't survive a real investigation. We've watched organizations pay for “enterprise MFT” platforms that are, underneath the UI, the same monolithic architecture that gets breached every year.

MnemoShare exists because we decided to build the system we would want to defend in an investigation, present to an auditor, and trust with our own organization's data.

Every Decision Has a Reason

MnemoShare's architecture isn't theoretical. Every design choice maps to a specific failure mode we've witnessed:

Ephemeral credentials instead of SSH keys

Because we've seen organizations with thousands of SSH keys spread across servers, most belonging to people who left years ago. Short-lived JWTs expire automatically — there's nothing to rotate, revoke, or forget about.

Application-layer encryption with customer-controlled keys

Because “encrypted at rest” usually means the cloud provider holds the keys — and a single IAM misconfiguration exposes everything. MnemoShare encrypts with AES-256-GCM per-file before data reaches storage, using keys the customer controls at every tier.

DLP scanning before storage, not after

Because the MOVEit breach moved files without inspecting them. MnemoShare's multi-stage DLP pipeline — pattern matching, ML scoring, optional GenAI classification — detects sensitive data in motion and enforces policy before data leaves the organization.

Immutable, WORM-exportable audit trails

Because we've investigated incidents where the audit log was the first thing compromised. MnemoShare produces structured events that export to customer-managed immutable storage — beyond the reach of any administrator, including ours.

Designed to Minimize Vendor Trust

MnemoShare is available as both a self-hosted platform and a managed cloud service — and both models share the same security architecture and the same principle: minimize the trust customers must place in any vendor, including MnemoShare.

Self-hosted customers deploy within their own infrastructure, using their own identity providers, storage systems, and encryption keys — with full operational independence from MnemoShare.

SaaS customers receive a dedicated, isolated instance — never shared infrastructure. Each instance runs in its own Kubernetes namespace with its own database and S3 storage, providing the same security controls and audit capabilities as a self-hosted deployment.

In both models, MnemoShare never accesses customer data by default. Encryption keys, storage, and audit evidence remain under customer control.

Who MnemoShare Is For

MnemoShare is built for organizations that:

  • Exchange sensitive data with external partners — vendors, labs, processors, financial counterparties — and need to prove every transfer was authorized, encrypted, and audited
  • Operate under HIPAA, HITRUST, SOC 2, or other regulatory frameworks where audit trail quality directly affects certification outcomes
  • Are replacing SFTP servers or legacy MFT appliances (MOVEit, GoAnywhere, Kiteworks, GlobalScape) and need migration tooling that understands the source systems
  • Require security controls that hold up under investigation — not just in compliance documentation, but when an incident responder needs to reconstruct what happened

MnemoShare is developed with a long-term focus on correctness, transparency, and operational independence. We build for the organizations that can't afford to get file transfer wrong.
